pkgsrc-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: pkg/52918: mail/dovecot does not supply intermediate CA certs



The following reply was made to PR pkg/52918; it has been noted by GNATS.

From: Filip Hajny <filip%joyent.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: pkg/52918: mail/dovecot does not supply intermediate CA certs
Date: Thu, 11 Jan 2018 17:20:50 +0100

 > ssl_cert =3D </etc/openssl/certs/server.cert
 > ssl_key =3D </etc/openssl/private/server.key
 > ssl_ca =3D </etc/openssl/certs/ca-cert-chain.pem
 
 The way I understand the docs, ssl_ca was intended for client =
 certificate authentication only. In my years old config file, I still =
 have the original upstream comment that says
 
 "PEM encoded trusted certificate authority. Set this only if you intend =
 to use ssl_verify_client_cert=3Dyes.=E2=80=9D
 
 And I have always bundled my CA intermediate certificates with the one =
 specified using ssl_cert, because that worked for me in the past.
 
 I=E2=80=99d wait for a confirmation from upstream, it doesn=E2=80=99t =
 feel like a reason to roll back though.
 
 -F=
 


Home | Main Index | Thread Index | Old Index